2013-2014-2015 THE PARLIAMENT OF THE COMMONWEALTH OF AUSTRALIA HOUSE OF REPRESENTATIVES TELECOMMUNICATIONS INTERCEPTION AND ACCESS AMENDMENT DATA RETENTION BILL 2014 SUPPLEMENTARY EXPLANATORY MEMORANDUM Amendments to be Moved on Behalf of the Government Circulated by authority of the Attorney-General Senator the Honourable George Brandis QC AMENDMENTS TO THE TELECOMMUNICATIONS INTERCEPTION AND ACCESS AMENDMENT DATA RETENTION BILL 2014 GENERAL OUTLINE 1 The Telecommunications Interception and Access Amendment Data Retention Bill 2014 the Bill was introduced in the House on 30 October 2014 and was referred to the Parliamentary Joint Committee on Intelligence and Security the PJCIS for inquiry on 21 November 2014 The PJCIS tabled its Advisory Report on the Telecommunications Interception and Access Amendment Data Retention Bill 2014 the PJCIS Report on 27 February 2015 2 The PJCIS concluded that implementation of a mandatory data retention regime is necessary to maintain the capability of national security and law enforcement agencies and recommended that the Bill be passed recommendation 39 3 The PJCIS also recommended that the Bill be amended to strengthen the privacy safeguards and oversight mechanisms contained in the proposed data retention scheme 4 On 3 March 2015 the Government announced that it would accept all of the Committee‟s recommendations The Government will move a number of amendments to the Bill to implement the recommendations made by the PJCIS in its report 5 These amendments also implement the „journalist information warrant‟ which is designed to protect the confidentiality of journalists‟ sources The journalist information warrants regime prohibits agencies from making authorisations to access journalists‟ or their employers‟ data for the purpose of identifying a confidential source unless a journalist information warrant is in force The journalist information warrants regime recognises the public interest in protecting journalists‟ sources while ensuring agencies have the investigative tools necessary to protect the community 6 The Government will also move amendments to the Intelligence Services Act 2001 the Telecommunications Act 1997 the Privacy Act 1988 and the Australian Security Intelligence Organisation Act 1979 to give effect to recommendations made in the PJCIS Report FINANCIAL IMPACT STATEMENT 7 The amendments to the Bill do not have a financial impact 2 STATEMENT OF COMPATIBILITY WITH HUMAN RIGHTS Prepared in accordance with Part 3 of the Human Rights Parliamentary Scrutiny Act 2011 Amendments to the Telecommunications Interception and Access Amendment Data Retention Bill 2014 8 This Bill is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights Parliamentary Scrutiny Act 2011 Overview of the Amendments 9 The proposed amendments to the Telecommunications Interception and Access Amendment Data Retention Bill 2014 the Bill implement recommendations of the Advisory report on the Telecommunications Interception and Access Amendment Data Retention Bill 2014 tabled in Parliament on 27 February 2015 the PJCIS Report The proposed amendments to the Bill focus primarily on increasing Parliamentary oversight of the proposed mandatory data retention scheme and on strengthening safeguards oversight and accountability mechanisms relating to access to telecommunications data more broadly 10 In response to a recommendation in the PJCIS Report an amendment to the Intelligence Services Act 2001 the ISA will be made to give the Parliamentary Joint Committee on Intelligence and Security the PJCIS the ability to inquire into operational matters relating to the use of telecommunications data by the Australian Security Intelligence Organisation ASIO and the Australian Federal Police AFP in relation to the AFP‟s counter-terrorism functions 11 The amendments also introduce a journalist information warrant regime Agencies are prohibited from authorising disclosure of a journalists‟ or their employers‟ telecommunications data for the purposes of identifying a source of the journalist without a warrant issued from an independent issuing authority 12 Furthermore the amendments to the Bill amend the Telecommunications Act 1997 the Telecommunications Act the Privacy Act 1988 the Privacy Act and the Australian Security Intelligence Organisation Act 1979 to implement recommendations of the PJCIS Report Overview of measures Telecommunications Interception and Access Act 1979 13 The proposed amendments to the Telecommunications Interception and Access Act 1979 the TIA Act implement the Government‟s response to recommendations from the PJCIS Report and introduce a journalist information warrant scheme These amendments will 3 include the data set amended to incorporate the recommendations of the Data Retention Implementation Working Group1 in the TIA Act clarify that service providers are only required to retain telecommunications data to the extent that such information is in fact available to a service provider define the term „infrastructure‟ in the Bill require the Communications Access Co-ordinator the CAC to consider the objects of the Privacy Act when considering whether to make a declaration under proposed section 187B 2 make declarations in relation to a „criminal law-enforcement agency‟ an „enforcement agency‟ items in the data set and classes of service providers however these declarations cease to be in force after 40 sitting days of either House of Parliament after the declaration comes into force require that any future Bill that seeks to amend the list of criminal law-enforcement agencies enforcement agencies items in the data set or classes of service providers be referred to the PJCIS with a minimum of 15 sitting days to review and report on the Bill establish a journalist information warrant scheme which will require ASIO and enforcement agencies to obtain a warrant from an independent issuing authority prior to authorising disclosure of telecommunications data for the purpose of identifying a journalist‟s source require agencies to provide a copy to the Commonwealth Ombudsman or the Inspector-General of Intelligence and Security of each authorisation that authorises disclosure of information for the purpose of determining the identity of a journalist‟s source require all service providers to be compliant in respect of retained data with the Privacy Act and Australian Privacy Principles APPs enable the CAC to refer disputes over proposed implementation plan exemptions or variations to the Australian Communications Media Authority the ACMA for determination provide that the characteristics of a binding scheme in relation to the protection of personal information referred to in proposed sections 110A 4 c ii and 176A 4 c ii include a mechanism o for monitoring the authority or body‟s compliance with the scheme and o to enable individuals to seek recourse if their personal information is mishandled 1 The Implementation Working Group IWG is a joint government-industry group which was established by the Government when the Telecommunications Interception and Access Amendment Data Retention Bill 2014 was introduced into Parliament on 30 October 2014 The IWG is chaired by the Secretary of the AGD with the Director-General of the Australian Security Intelligence Organisation and the Commissioner of the Australian Federal Police as co-deputy chairs IWG membership also includes the Secretary of the Department of Communications the Chief Executive Officer of the Australian Crime Commission senior executives of Telstra and Optus and the Chief Executive Officer of Communications Alliance an industry body representing more than 150 Australian telecommunications companies The role of the IWG is to consult with industry to support the effective implementation of the proposed data retention obligations 4 list the Australian Securities and Investments Commission ASIC and the Australian Competition and Consumer Commission ACCC as criminal law-enforcement agencies prohibit civil litigants from being able to access telecommunications data that is held by a service provider solely for the purpose of complying with the mandatory data retention regime clarify that individuals have the right to access their personal telecommunications data retained by a service provider under the data retention regime limit the circumstances in which enforcement agencies may access telecommunications data by requiring that an authorised officer before making an authorisation under Division 4 or 4A of Part 4-1 of the Act be satisfied on reasonable grounds that any interference with the privacy of any person or persons that may result from the disclosure or use is justifiable and proportionate and that the authorised officer have regard to o the gravity of the conduct being investigated including the seriousness of any criminal offence pecuniary penalty or protection of the public revenue o whether the authorisation is sought for the location of missing persons o the reason why the disclosure is proposed to be authorised and o the likely relevance and usefulness of the information or documents to the investigation require the PJCIS to commence its review of the operation of the data retention scheme no later than the second anniversary of the end of the implementation period require that the annual report prepared under section 187P include information on the operation of the data retention and the use of journalist information warrants include the following information o costs of the mandatory data retention scheme and o use of implementation plans under the mandatory data retention scheme require that the annual report prepared under subsection 186 1 on authorisations for the disclosure of telecommunications data include the following information o category of purpose for accessing data including a breakdown of types of offences o age of data sought o number of requests for traffic data o number of requests for subscriber data o number of journalist information warrants issued and o number of authorisations issued under journalist information warrants require service providers to protect and encrypt telecommunications data that has been retained for the purposes of the mandatory data retention scheme enable the Prime Minister to declare persons to be Public Interest Advocate for the purposes of making submissions to the issuing authority on warrants permitting the making of authorisations to disclosure telecommunications data for the purposes of identifying a journalist‟s source 5 Intelligence Services Act 2001 14 The proposed amendment to the ISA implements the Government‟s response to recommendation 34 of the PJCIS Report This amendment grants the PJCIS the ability to inquire into operational matters relating to the use of telecommunications data by ASIO as well as to the AFP in relation to its counter-terrorism functions The proposed amendments also make consequential changes to the ISA to give effect to the journalist information warrants regime Telecommunications Act 1997 15 The proposed amendment to the Telecommunications Act implements the Government‟s response to recommendation 23 of the PJCIS Report This amendment prohibits civil litigants from being able to access telecommunications data that is kept by a service provider solely for the purpose of complying with the mandatory data retention regime and that is used only for that purpose or a limited number of public interest purposes such as preserving the safety of life at sea The amendment includes a regulation making power to create appropriate exceptions Privacy Act 1988 16 The proposed consequential amendments to the Privacy Act implement recommendations 24 and 35 of the PJCIS Report These amendments will respectively clarify that individuals have the right to access their personal telecommunications data retained by a service provider under the data retention regime and require all service providers regardless of their size to be compliant with the Australian Privacy Principles APPs in respect of retained data Australian Security Intelligence Organisation Act 1979 17 The proposed amendments to the ASIO Act give effect to recommendation 33 of the PJCIS Report insofar as it applies to ASIO Section 94 of the ASIO Act has been amended to ensure that ASIO‟s classified annual report will include the information requested in recommendation 33 of the PJCIS Report including the number and purposes of authorisations to access retained data the lengths of time for which relevant documents covered by the authorisations were held and the number of authorisations that related to subscriber data and traffic data respectively The Act will also be amended to require ASIO to include the number of journalist information warrants and authorisations made under journalist information warrants to be included in its classified annual report The proposed amendments also make consequential changes to the ASIO Act to give effect to the journalist information warrants regime 6 Human rights implications 18 The amendments to the Bill engage the following human rights protection against arbitrary or unlawful interference with privacy contained in Article 17 of the International Covenant on Civil and Political Rights ICCPR the right to freedom of expression contained in Article 19 of the ICCPR the right to an effective remedy contained in Article 2 3 of the ICCPR the right to a fair hearing in Article 14 of the ICCPR 19 To the extent that the proposed Government amendments to the Bill do not displace or substantively modify foundational measures contained in the Bill the rights-based implications of those measures are comprehensively addressed in the Explanatory Memorandum tabled in Parliament on 30 October 2014 An analysis of the human rights engaged by the proposed Government amendments is outlined below Implementation of Recommendations from the PJCIS Report Right to protection against arbitrary or unlawful interferences with privacy – Article 17 of the ICCPR 20 A number of measures implementing PJCIS recommendations engage the right to protection against arbitrary and unlawful interferences with privacy in Article 17 of the ICCPR Article 17 of the ICCPR provides that no one shall be subjected to arbitrary or unlawful interference with their privacy family home or correspondence For interference with privacy not to be arbitrary it must be in accordance with the provisions aims and objectives of the ICCPR and should be reasonable in the particular circumstances Reasonableness in this context incorporates notions of proportionality to the end sought and necessity in the circumstances 21 The following amendments to the Bill engage and promote the right to privacy A number of the proposed Government amendments also serve to enhance privacy protections for individuals by supplementing and augmenting existing oversight and accountability mechanisms contained in the Bill as originally introduced These measures which respond to PJCIS recommendations expand the existing integrated suite of oversight mechanisms and safeguards which apply to the use of and access to telecommunications data Items 1 12 15 to 21 and 24 will require service providers to protect and encrypt telecommunications data that has been retained This requirement will supplement the existing information security obligations under the Privacy Act and the Telecommunications Consumer Protection Code and adds an additional layer of privacy and security protection for customer data supporting the confidentiality of that information Items 5 8 66 and 74 will provide that any Ministerial declarations made in relation to the data retention scheme cease to have effect 40 sitting days after a declaration comes into force The amendments will require that any permanent addition to the data set classes of service providers that must comply with the data retention regime 7 or list of criminal law-enforcement agencies or enforcement agencies that can access retained data must be introduced through amendments to the TIA Act Any such amendments to the TIA Act must then be referred to the PJCIS for inquiry These provisions ensure that any proposed permanent change to the data retention regime is considered by the Parliament facilitating further parliamentary scrutiny Item 6 clarifies that service providers are only required to retain telecommunications data to the extent that such information is in fact available to that service provider They are not required to retain information about communications passing „over the top‟ of the underlying service they provide which are being carried by means of another service operated by another provider Item 8 will place the dataset in primary legislation This amendment places the detail of the data retention obligation clearly on the face of the legislation providing certainty and clarity to providers and telecommunications users The data set is supported by a declaration power subject to Parliamentary disallowance and Committee scrutiny so the dataset can be amended where necessary to rapidly respond to advancements in telecommunications technology or the use of telecommunications services The amendment recognises that the dataset is central to the operation of the proposed data retention regime and provides a high level of certainty for industry and the Australian public that there are adequate safeguards in place to scrutinise any amendments to the dataset This amendment also accords with the Parliamentary Joint Committee on Human Rights recommendation 1 36 in its Report into the Examination of legislation in accordance with the Human Rights Parliamentary Scrutiny Act 20112that the Bill be amended to define the types of data to be retained to avoid arbitrary interference with the right to privacy that may result from specifying types of data to be retained in regulations Items 9 10 and 11 amend section 187B to require the CAC to consider the objects of the Privacy Act when considering whether to make a declaration to apply the data retention obligation to additional services under proposed subsection 187B 2 require the CAC to consult with the Australian Privacy Commissioner before making a declaration if there is any uncertainty or a need for clarification require the CAC to consider any submissions made by the Australian Privacy Commissioner as a result of such consultation and require the CAC to notify the PJCIS of any declaration made under 187B 2 as soon as practicable after it is made This measure enhances existing privacy protections by requiring that the CAC have regard to applicable privacy considerations and ensures that the Privacy Commissioner is consulted where necessary as part of the CAC‟s deliberations Item 29 amends Schedule 1 to make it clear that individuals have the right to access their personal telecommunications data retained by a service provider under the data retention regime This amendment is consistent with existing policy for access to personal information under the Privacy Act and reinforces existing individual rights 2 Fifteenth Report of the 44th Parliament scrutinising Bills introduced 20-30 October 2014 November 2014 at 14 8 to obtain access to correct and annotate personal information provided by the Privacy Act Item 46 increases the threshold requirement in section 180F for authorisations to disclose telecommunications data to require that the authorising officer be „satisfied on reasonable grounds‟ that a particular disclosure or use of telecommunications data being proposed is proportionate to the intrusion into privacy as opposed to “having regard to whether any interference with privacy is justifiable” This item also requires the authorising officer to have regard to a number of specified factors including the gravity of the conduct being investigated the reason why the disclosure is proposed to be authorised and the likely relevance and usefulness of the information to the investigation This measure will bolster privacy safeguards by ensuring agencies weigh the proportionality of the intrusion into privacy against the value of the evidence and the assistance to be provided to the investigation Items 65 and 73 will require that the characteristics of a binding scheme in relation to the protection of personal information referred to in proposed subparagraph 110A c ii of the TIA Act include a mechanism for monitoring the authority or body‟s compliance with the scheme and enable individuals to seek recourse if their personal information is mishandled This measure ensures a greater level of protection of personal information where an enforcement agency is not subject to the protections afforded by the Privacy Act or a binding scheme that provides a comparable level of privacy protection 22 In summary the above measures promote the right to privacy by enhancing privacy protections through for example additional Parliamentary disallowance provisions directly linking Privacy Act protections appropriate oversight by the Privacy Commissioner and PJCIS scrutiny Right to an effective remedy 23 Article 2 3 of the ICCPR protects the right to an effective remedy for any violation of rights or freedoms recognised by the ICCPR including the right to have such a remedy determined by competent judicial administrative or legislative authorities or by any other competent authority provided for by the legal system of the State 24 Item 25 will amend the Bill to allow for the CAC to refer disputes over applications for exemptions from and variations to data retention obligations to the Australian Communications Media Authority the ACMA 25 Item 25 engages and promotes the right to an effective remedy because it will provide service providers with an additional remedial avenue for the resolution of disputes by the ACMA in relation to exemptions or variation decisions made by the CAC 26 The Bill currently confers on ACMA a role to arbitrate disputes in relation to data implementation plans between the CAC and service providers However there is no referral 9 power to facilitate review by the ACMA when a service provider has applied to the CAC for an exemption or variation from the data retention obligations This amendment will implement recommendation 15 of the PJCIS Report 27 The amendment will allow the ACMA to review decisions relating to exemptions from or variations to data retention obligations This amendment engages and promotes the right to an effective remedy for administrative decision making by providing further review by the ACMA of exemption and variation decisions 28 Providing further administrative review of CAC decisions in addition to judicial 3 review advances an applicant‟s right to an effective remedy Right to a fair hearing 29 Article 14 1 of the ICCPR provides that all persons shall be equal before the courts and tribunals and that in the determination of an individual‟s rights and obligations in a suit at law everyone shall be entitled to a fair and public hearing by a competent independent and impartial tribunal established by law This includes respect for the principle of „equality of arms‟ which requires that all parties to a proceeding must have a reasonable opportunity of presenting their case under conditions that do not disadvantage them as against other parties to the proceedings 30 Items 39 and 40 strictly limit the circumstances in which a service provider may disclose data that has been retained for the purpose of Part 5-1A in relation to or as part of civil litigation This measure engages the right to a fair hearing specifically the principle of equality of arms because it has the potential to affect procedural fairness in terms of the general conduct of the proceedings and the nature and quantum of evidence capable of being adduced by the parties and available for the court‟s deliberative processes 31 Specifically items 39 and 40 will amend sections 280 and 281 of the Telecommunications Act to limit the disclosure of information or documents kept by a service provider solely for the purpose of complying with Part 5-1A of the TIA Act and that is used by the service provider only for that purpose a limited range of public interest purposes which include using or disclosing data in connection with an emergency warning a call to an emergency services number a threat to life situation or the preservation of human life at sea or a purpose incidental to those purposes These items give effect to recommendation 23 of the PJCIS Report The Committee received evidence of concerns about a possible increase in the frequency and volume of telecommunications data accessed by civil litigants as a result of the implementation of the proposed data retention scheme and the public interest in confining disclosure of and access to telecommunications data to protect the broader privacy interests of the community 3 Judicial review remains available for decisions made under the TIA Act pursuant to paragraph 75 v of the Constitution and s 39B of the Judiciary Act 1901 Cth 10 32 Items 39 and 40 engage Article 14 1 to the extent that prohibiting litigants from accessing telecommunications data as an evidentiary source in civil proceedings could potentially reduce the ability of parties to litigation to access a probative source of information relevant to their claim or response This has the propensity to affect their legitimate rights and interests in the conduct of civil litigation and constitute an additional ex ante barrier to mounting or defending a claim 33 However items 39 and 40 do not offend the equality of arms principle as telecommunications data will not be available as an evidentiary source for either party As such neither litigant is at a procedural disadvantage in terms or access to evidence or resources to formulate their case Precluding parties‟ access to a new source of information does not purport to nor effectively regulate the rules of evidence in courts and tribunals or impact the way in which other sources of evidence are collected or presented by either party The amendments seek to ensure that access to data that is currently available to claimants and respondents is not reduced or limited as the prohibition is limited to data held solely for the purposes of compliance with the new data retention obligation and related purposes 34 Items 39 and 40 also contain a regulation making power permitting the Minister administering the Telecommunications Act to prescribe exceptions to this prohibition This will enable exceptions to be formulated with the benefit of and informed by detailed empirical information about the use and application of telecommunications data in civil proceedings and enable any anticipated practical impediments to the conduct of litigation to be appropriately addressed The prohibition on the disclosure of retained data in connection with civil proceedings will not commence until the proposed data retention scheme is implemented ensuring the Government has sufficient time to identify and put in place appropriate exceptions 35 In summary none of the fundamental tenets of the right to a fair hearing including the equality of arms principle are removed compromised or reduced by the proposed measure Although the right to a fair hearing is potentially engaged by this measure it is not limited in that it would not undermine or compromise the overall procedural efficacy of civil proceedings The ability of an applicant or plaintiff to present their case or to challenge the case against them is not compromised as the restriction on access to telecommunications data applies equally to both parties As a result this measure will not prevent one party accessing their opponent‟s submissions nor will it compromise procedural equality or generally restrict access to admissible evidence relied on by the other party or adduced in the proceedings Journalist information warrant regime 36 As outlined above Article 17 of the ICCPR provides that everyone has the right to freedom from unlawful or arbitrary interferences with their privacy the right to privacy Article 19 2 of the ICCPR provides that everyone has the right to freedom of expression including the freedom to seek receive and impart information and ideas of all kinds 11 regardless of frontiers either orally in writing or in print in the form of art or through any other media A journalist‟s right to protect confidential information derives from the right to freedom of expression and is a fundamental tenet of an open and unimpeded press Without such protection sources may be deterred from assisting the press in informing the public on matters of public interest As a result the ability of the press to provide accurate and reliable information may be adversely affected 37 Item 47 of the Bill promotes the right to freedom of expression and the right to privacy in that it provides a higher threshold for the authorisation of disclosures of telecommunications data for the purposes of identifying a journalist‟s source 38 Specifically item 47 will create a scheme that will require ASIO and enforcement agencies to obtain a warrant prior to authorising the disclosure of telecommunications data to identify a journalist‟s source The effect of item 47 is to prohibit enforcement agencies from making historic or prospective data authorisations for access to a journalist‟s or their employer‟s data for the purpose of identifying a confidential source unless a journalist information warrant is in force that authorises the making of such authorisations 39 In effect agencies will be required to obtain a journalist information warrant relating to an investigation into a particular journalist from an independent issuing authority or in the case of ASIO the Minister as a condition precedent to the agency being permitted to authorise the disclosure of telecommunications data by carriers for that investigation Notably the warrant scheme will have the same protections safeguards and oversights that apply to agencies when they obtain telecommunications interception warrants The features of the scheme include creating new issuing authorities for the journalist information warrants use and disclosure offences and exceptions for agencies that obtain data relating to journalists and their sources allowing Public Interest Advocates at both the Commonwealth and State and Territory levels to make submissions to warrant issuing authorities statistical reporting by enforcement agencies in the public TIA Act Annual Report and by ASIO in its classified Annual Report and retention of information about the use of these warrants by agencies so that the PJCIS may have access to that information in its long term review of the data retention scheme 40 Item 43 of the Bill promotes the right of journalists to seek and impart information by introducing specific safeguards to protect the confidentiality of journalists‟ sources These protections include achieved high threshold for access through ex ante judicial review of a warrant for data authorisation requests ensuring that data access for the purposes of identifying a source receives specific and dedicated independent attention This measure will ensure that such access is only permitted in circumstances where the public interest in the issue of the warrant outweighs the public interest in maintaining the confidentiality of the source As a corollary the item also promotes the corresponding right of the public to receive information disseminated by a journalist in such circumstances augmenting the ability of the press to provide information on matters of public interest This item further promotes the right to freedom from arbitrary and unlawful interferences with privacy of the 12 source and the journalist by providing for stronger protections that will apply where an agency is seeking to access telecommunications data relating to the journalist or their employer for the purpose of identifying the source 41 Independent oversight through the creation of a warrant scheme approved by a judicial officer or AAT member minimises the potential for deterring sources from actively assisting the press to inform the public on matters of public interest and ensures that the media is not adversely affected by the measure The existence of robust oversight of authorisation requests militates against access to source information occurring in a way which is unduly privacy intrusive Further consistent and routine scrutiny of authorisations by independent issuing authorities will further assist in building public trust about how law enforcement and intelligence agencies are using or seeking to use coercive powers Journalists by extension will have a greater level of surety that the confidentiality of their sources will be preserved save where the public interest in identification outweighs the interest in confidentiality 42 The additional protection afforded to these data authorisations complements journalists‟ limited privilege to not be compelled to identify their sources where they have given an undertaking of confidentiality and is responsive to media concerns centring on press freedom and the protection of journalists‟ sources The Court of Justice of the European Union CJEU in assessing the former EU Data Retention Directive observed that „ the Directive does not provide for any exception with the result that it applies even to persons whose communications are subject according to rules of national law to the obligation of professional secrecy ‟ Digital Rights Ireland Ltd v Minister for Communications Marine and Natural Resources and others Irish Human Rights Commission intervening In re Kärntner Landesregierung and others Joined Cases C-293 12 and C-594 12 2014 WLR D 164 The amendments add a further warrant threshold providing a significant additional and unique protection in relation to the identification of confidential journalist sources 43 Further the statutory criteria to which issuing authorities must have regard in considering a journalist information warrant application including whether the interest in the disclosure of data outweighs the interest in confidentiality of the source with particular regard to the impacts on individual privacy the gravity of the conduct in relation to which the warrant is sought and the potential investigative utility of the information will ensure that privacy and public interest considerations are always taken into account before a journalist information warrant is granted Issuing authorities based on their particular experience and qualifications are well placed to weigh source confidentiality against the operational outcomes sought to be achieved by disclosure Conclusion 44 The amendments to the Bill are compatible with human rights because they promote relevant rights and do not impermissibly derogate from human rights 13 NOTES ON CLAUSES Schedule 1 Amendments Item 1 – Ensuring the confidentiality of information 45 This item inserts the phrase „in accordance with section 187BA and‟ into proposed section 187A This item implements the relevant parts of recommendation 27 of the Advisory Report on the Telecommunications Interception and Access Amendment Data Retention Bill 2014 the PJCIS Report 46 This item requires that service providers comply with new information security and encryption obligations contained in proposed section 187BA in relation to information and documents that service providers are required to keep under proposed section 187A Item 2 – Removal of regulation making power for the data set 47 This item replaces the reference to information of a kind „prescribed by the regulations‟ in paragraph 187A 1 a with a reference to information of a kind referred to in proposed section 187AA This amendment is consequential to the insertion of the dataset into the primary legislation 48 The effect of this item is to remove the power to make regulations to specify which types of information or documents that service providers must retain the data set in order to comply with their data retention obligations 49 This item implements recommendation 2 of the PJCIS Report that the Bill be amended to include the proposed data set in primary legislation Item 3 – Removal of references to matters in the data set to be prescribed 50 This item amends the Bill by removing proposed subsection 187A 2 Proposed subsection 187A 2 in the Bill provided that the dataset to be prescribed in the regulations had to relate to the matters referred to in the subsection 51 Item 2 removes the description of information that may be prescribed by regulation in relation to the data set 52 Item 3 implements recommendation 2 of the PJCIS Report that the Bill be amended to include the proposed data set in primary legislation Items 4 and 5 – Declaration of additional classes of service providers to expire after 40 sitting days 53 Item 4 and 5 amend the Bill to permit the Minister to declare additional services to be the subject of the data retention obligation 14 54 Subsection 187A 3A provides the Minister with a power to declare a service to be within the data retention scheme 55 Subsection 187A 3B provides that a declaration under subsection 187A 3A ceases to be in force after 40 sitting days of either House of Parliament after the declaration comes into force However such a declaration may be expressed to enter into force either when it is made or at some later date The time to expiry of the declaration will only commence once the declaration comes into force 56 Subsection 187A 3C provides that where a Bill is introduced into the Parliament to amend the classes of service providers to which data retention obligations apply i e where a bill is introduced that would permanently list an additional class of service provider on the face of the Telecommunications Interception and Access Act 1979 the TIA Act the Bill must be referred to the PJCIS for inquiry Subsection 187A 3C requires the PJCIS to be given a minimum of 15 sitting days of a House of the Parliament for review and report on the bill 57 Items 4 and 5 give effect to recommendation 14 of the PJCIS Report Item 6 – ‘Over the top’ services 58 This item omits paragraph 187A 4 c of the Bill and replaces it with a paragraph that provides that a service provider is not required to keep or cause to be kept information to the extent that it relates to a communication that is being carried by means of another service that is of a kind referred to in paragraph 187A 3 a and that is operated by another person using the relevant service operated by the service provider Furthermore a service provider is not required to keep or cause to be kept a document to the extent that it contains such information This item seeks to ensure that service providers are only required to retain telecommunications data to the extent that such information is available to that service provider 59 This item also introduces a note at the end of proposed paragraph 187A 4 c putting beyond doubt that service providers are not required to keep information or documents about communications that are carried or enabled by means of services that they themselves do not provide that pass „over the top‟ of the underlying service they provide This item implements recommendation 6 of the PJCIS Report Item 7 – Removal of subsection 187A 7 60 This item removes proposed subsection 187A 7 of the Bill which provided that for the purposes of certain information or documents required to be retained by service providers two or more communications that together constitute a single communications session are taken to be a single communication 15 61 Proposed subsection 187A 7 now appears in substantially the same form in subsection 187AA 6 inserted by item 8 Item 8 – Information to be kept 62 This item amends the Bill by inserting a proposed section 187AA which lists the information or documents that service providers must retain in order to comply with their data retention obligations 63 The effect of item 8 is to prescribe the data set in primary legislation implementing recommendation 2 of the PJCIS Report 64 Subsection 187AA 1 sets out the data set that service providers must retain The table below sets out explanatory material relating to each of the categories of information or documents that service providers must retain for the purposes of this section 16 Information or documents to be kept Item 1 Topic Description of information Column 1 The subscriber of and accounts services telecommunications devices and other relevant services relating to the relevant service Column 2 The following a any information that is one or both of the following i any name or address information ii any other information for identification purposes relating to the relevant service being information used by the service provider for the purposes of identifying the subscriber of the relevant service b any information relating to any contract agreement or arrangement relating to the relevant account service or device c any information that is one or both of the following i billing or payment information ii contact information relating to the relevant service being information used by the service provider in relation to the relevant service d any identifiers relating to the relevant service or any related account service or device being information used by the service provider in relation to the relevant service or any related account service or device e the status of the relevant service or any related account service or device Explanation This category includes customer identifying details such as name and address It also includes contact details such as phone number and email address This information allows agencies to confirm a subscriber‟s identity or link a service or account to a subscriber This category also includes details about services attached to account such as the unique identifying number attached to a mobile phone or the IP address or addresses allocated to an internet access account or service This category further includes billing and payment information Information about the status of a service can include when an account has been enabled or suspended a relevant service has been enabled or suspended or is currently roaming or a telecommunications device has been stolen The phrases „any information‟ and „any identifiers‟ should be read to mean the information that the provider obtains or generates that meets the description which follows that phrase If the provider has no information that meets the description including because that kind of information does not pertain to the service in question no information needs to be retained For instance if a provider offers a free service and therefore has no billing information no billing information needs to be retained by that provider with respect to that service the provider will need to retain subscriber and transactional data with respect to that service but no billing information needs to be retained Service providers are not required to collect and retain passwords PINs secret questions or token codes which are used for authentication purposes 17 Information or documents to be kept Item 2 Topic Description of information Column 1 The source of a communication Column 2 Identifiers of a related account service or device from which a communication has been sent or attempted to be sent by means of the relevant service Explanation Identifiers for the source of a communication may include but are not limited to the phone number IMSI IMEI from which a call or SMS was made identifying details such as username address number of the account service or device from which a text voice or multi-media communication was made examples include email Voice over IP VoIP instant message or video communication the IP address and port number allocated to the subscriber or device connected to the internet at the time of the communication or any other service or device identifier known to the provider that uniquely identifies the source of the communication In all instances the identifiers retained to identify the source of the communication are the ones relevant to or used in the operation of the particular service in question 18 Information or documents to be kept Item 3 Topic Description of information Column 1 The destination of a communication Column 2 Identifiers of the account telecommunications device or relevant service to which the communication a has been sent or b has been forwarded routed or transferred or attempted to be forwarded routed or transferred Explanation Paragraph 187A 4 b puts beyond doubt that service providers are not required to keep information about subscribers‟ web browsing history The destination of a communication is the recipient Identifiers for the destination of a communication may include but are not limited to the phone number that received a call or SMS identifying details such as username address or number of the account service or device which receives a text voice or multi-media communication examples include email VoIP instant message or video communication the IP address allocated to a subscriber or device connected to the internet at the time of receipt of the communication or any other service or device identifier known to the provider that uniquely identifies the destination of the communication For internet access services the Bill explicitly excludes anything that is webbrowsing history or could amount to webbrowsing history such as a URL or IP address to which a subscriber has browsed In all instances the identifiers retained to identify the destination of the communications are the ones relevant to or used in the operation of the particular service in question If the ultimate destination of a communication is not feasibly available to the provider of the service the provider must retain only the last destination knowable to the provider 19 Information or documents to be kept Item 4 5 Topic Description of information Column 1 The date time and duration of a communication or of its connection to a relevant service Column 2 The date and time including the time zone of the following relating to the communication with sufficient accuracy to identify the communication a the start of the communication b the end of the communication c the connection to the relevant service and d the disconnection from the relevant service The type of a communication and relevant service used in connection with a communication The following a the type of communication Examples Voice SMS email chat forum social media b the type of the relevant service Examples ADSL Wi-Fi VoIP cable GPRS VoLTE LTE c the features of the relevant service that were or would have been used by or enable for the communication Examples call waiting call forwarding data volume usage Explanation For phone calls this is simply the time a call started and ended For internet sessions this is when a device or account connects to a data network and ends when it disconnected – those events may be a few hours to several days weeks or longer apart depending on the design and operation of the service in question The type of communication means the form of the communication for example voice call vs internet usage The type of the relevant service 5 b provides more technical detail about the service For example for a mobile messaging service whether it is an SMS or MMS Data volume usage applicable to internet access services refers to the amount of data uploaded and downloaded by the subscriber This information can be measured for each session or in a way applicable to the operation and billing of the service in question such as per day or per month Note This item will only apply to the service provider operating the relevant service see paragraph 187A 4 c 20 Information or documents to be kept Item 6 Topic Description of information Column 1 the location of equipment or a line used in connection with a communication Column 2 The following in relation to the equipment or line used to send or receive the communication a the location of the equipment or line at the start of the communication b the location of the equipment or line at the end of the communication Examples Cell towers Wi-Fi hotspots Explanation Location records will be limited to the location of a device at the start and end of a communication such as a phone call or Short Message Service SMS message For services provided to a fixed location such as an ADSL service this requirement can be met with the retention of the subscriber‟s address Paragraph 187A 4 e of the Bill provides that location records are limited to information that is used by a service provider in relation to the relevant service This would include information such as which cell tower Wi-Fi hotspot or base station a device was connected to at the start and end of communication Service providers will not be required to keep continuous real-time or precise location records such as the continuous GPS location of a device These limitations seek to ensure that the locations records to be kept by service providers will not allow continuous monitoring or tracking of devices 65 Subsection 187AA 2 permits the Minister the power to make a declaration to modify the data set provided for in subsection 187AA 1 Subsection 187AA 2 is subject to subsections 187AA 3 - 4 which set out when such a declaration will be in force and the Minister‟s powers in relation to the declarations 66 Subsections 187AA 2 - 5 implement Recommendation 3 of the PJCIS Report 67 Subsection 187AA 2 allows the Minister to amend the dataset on a temporary basis by issuing a declaration This is designed to cover a situation in which future technologies or changing telecommunications practices require amendments to the data set to ensure the data retention scheme continues to meet its underlying purpose 68 Paragraph 187AA 3 a provides that the declaration will come into force either when it is made or on a later day specified in the declaration Paragraph 187AA 3 b provides that the declaration ceases to be in force after 40 sitting days of either House of Parliament after the declaration comes into force The time to expiry of the declaration will only commence once the declaration comes into force which may be later than when it is made 21 69 Subsection 187AA 4 requires that when a bill is introduced into either House of Parliament to permanently amend the data set or any of the limitations on the data set In those circumstances the Minister must refer the amendment to the PJCIS and give the PJCIS at least 15 sitting days of a House of Parliament to conduct its review and issue its report 70 Subsection 187AA 5 provides that in relation to the telecommunications data required to be retained in items 2 3 4 and 6 in the dataset in subsection 187AA 1 two or more communications that together constitute a single communications session are taken to be a single communication This provision is substantially the same as proposed subsection 187A 7 in the Bill which is removed by item 7 71 Subsection 187AA 5 ensures that providers are not required to record the source destination time date and duration of a communication or the location of a device throughout a communications session For example a smartphone connected to a mobile data network may have multiple applications running in the background each of which may routinely communicate with remote servers such as to seek and obtain updates As such the smartphone may send and receive a near-continuous stream of communications However these communications may together constitute a single communications session Absent this provision providers could for example be required to record the location of the device on a near-continuous basis The effect of the provision is that providers of mobile internet access services will only be required to record prescribed location information for the overall communication rather than its constituent components 72 Whether a series of communications constitutes a single communications session is a question of technical fact and will depend upon the objective operation of the provider‟s network or service This question should not be determined from the user‟s perspective as the provider subject to data retention obligations will generally be unable to assess a user‟s intentions in this regard and in many cases users are unlikely to be aware of when their device is communicating such as when applications installed on a smartphone or computer automatically seek and receive updates Item 9 – The Communications Access Coordinator may consult with the Privacy Commissioner 73 This item introduces subsection 187B 2A which enables the Communications Access Co-ordinator the CAC to consult the Privacy Commissioner before making a declaration that data retention obligations apply to an otherwise exempt relevant service 74 This item implements recommendation 13 of the PJCIS Report by enabling the CAC to consult with the Privacy Commissioner where there is uncertainty or a need for clarification before a declaration is made Item 10 – Privacy considerations for the Communications Access Co-ordinator 22 75 This item introduces paragraphs 187B 3 ba and bb which require the CAC to have regard to the objects of the Privacy Act 1988 the Privacy Act and any submissions made by the Privacy Commissioner as a result of consultations under proposed subsection 187B 2A when considering whether to make a declaration 76 This item implements recommendation 13 of the PJCIS Report by requiring the CAC to consider the objects of the Privacy Act when considering whether to make a declaration under proposed subsection 187B 2 that the data retention obligation applies to an otherwise exempt relevant service Item 11 – Communications Access Co-ordinator to give written notice of declaration 77 This item introduces subsections 187B 6 and 7 which requires the CAC to give written notice of a declaration to the Minister under subsection 6 who will in turn give the written notice to the PJCIS under subsection 7 as soon as practicable 78 This item implements recommendation 13 of the PJCIS Report by requiring the CAC to notify the PJCIS of any declaration made under section 187B 2 that the data retention obligation applies to an otherwise exempt relevant service as soon as practicable after it is made Item 12 – Ensuring the confidentiality of information 79 This item amends the Bill by inserting proposed section 187BA This item gives effect to recommendation 37 of the PJCIS Report 80 This item supplements the obligations of service providers under Australian Privacy Principle APP 11 1 to „take such steps as are reasonable in the circumstances to protect the information from misuse interference and loss and from unauthorised access modification or disclosure ‟ Item 29 amends the Bill to provide that the Privacy Act applies to all service providers to the extent that the service provider‟s activities relate to retained data Further item 29 will provide that information and documents kept by a service provider in complying with proposed Part 5-1A are personal information within the meaning of the Privacy Act and so must be protected in accordance with APP 11 1 This item also supplements the obligations of carriage service providers under clause 4 6 3 of the Telecommunications Consumer Protection Code C628 2012 to „have robust procedures to keep its Customers‟ Personal Information in its possession secure and restrict access to personnel who are authorised by the Supplier ‟ 81 This item requires service providers to protect the confidentiality of information or documents kept in accordance with proposed section 187A Service providers are required to protect these records in two ways by encrypting the information and by protecting the information from unauthorised interference or unauthorised access 23 82 This item does not prescribe a particular type of encryption the decision about how to implement the encryption required by this proposed item will be a matter for the service provider to determine in light of all the circumstances including in particular the technical configuration of the system or systems used to keep information required to be retained under proposed section 187A and whether a particular method or set of methods of encryption will be adequate to protect the confidentiality of that information 83 Where a service provider encrypts retained data the service provider must retain the technical capability to decrypt and disclose relevant retained data in a useable form in accordance with a lawful request or requirement under the TIA Act or Telecommunications Act 84 Service providers must also put in place measures that protect against unauthorised interference or access to information retained in accordance with proposed section 187A However this item does not prescribe particular measures that must be put in place to afford such protection the decision about how to implement the protections required by this proposed paragraph will be a matter for the service provider to determine in light of all the circumstances including in particular the technical configuration of the system or systems used to keep information required to be retained under proposed section 187A and whether a particular measure or set of measures will be adequate to protect the confidentiality of that information 85 Under proposed Division 2 of Part 5-1A as amended by items 12-19 a service provider may seek approval of a data retention implementation plan that replaces the service provider‟s obligations under proposed section 187BA while the plan is in force Additionally under proposed Division 3 of Part 5-1A as amended by item 24 a service provider may apply for and receive an exemption from or variation to the service provider‟s obligations under proposed section 187BA An example of a situation in which such an exemption or variation might be appropriate would be where the cost of encrypting a legacy system that was not designed to be encrypted would be unduly onerous and the service provider has identified alternative information security measures that could be implemented An exemption however would not normally be appropriate where fulfilling the data protection obligations would be merely inconvenient Item 13 – Period for keeping information or documents 86 This item amends the Bill by removing the reference to paragraph 187A 2 a in paragraph 187C 1 a which prescribes the period for which data must be kept and substituting a reference to paragraphs a and b in column 2 of item 1 of the table in subsection 187AA 1 87 This amendment is consequential on the insertion of the data set into the primary legislation by item 8 24 88 The effect of this item will be to provide that where information or documents relate to subscriber information specified in item 1 of the table in subsection 187AA 1 service providers must keep the information or documents from when they were created until two years after the closure of the relevant account 89 The purpose of paragraph 187C 1 a is to ensure subject to the amendments made by item 14 that subscriber records specified in paragraphs a and b of column 2 of item 1 of the table associated with an account are available throughout the life of the account and for as long as records relating to communications sent using that account are retained This is intended to ensure that necessary information is available to establish a connection between communications data to be retained and the subscriber to the communications service Item 14 - Period for keeping information or documents 90 This item amends the Bill by removing the reference to paragraph 187A 2 a in subsection 187C 2 and substituting a reference to paragraphs a and b in column 2 of item 1 of the table in subsection 187AA 1 91 This amendment is consequential on the deletion of subsection 187A 2 by item 3 and the insertion of the data set into the primary legislation by item 8 92 The effect of this item is to provide that regulations can prescribe that certain subscriber information specified in paragraphs a and b of column 2 of item 1 of the table in subsection 187AA 1 is only required to be retained for a period of two years after it comes into existence rather than for the period commencing when it comes into existence and expiring two years after the closure of the relevant account Item 15 – Ensuring the confidentiality of information 93 This item amends the Bill by inserting a reference to proposed section 187BA which imposes information protection obligations in relation to retained data into proposed section 187D This item implements the relevant parts of recommendation 37 of the PJCIS Report in relation to the encryption of retained data 94 The effect of this item is that while an approved data retention implementation plan is in force it has the effect of replacing a service provider‟s obligations in relation to the protection of retained data with information security obligations set out in the approved plan These obligations may but would not necessarily differ from the obligations set out in proposed section 187BA Items 16 17 18 and 19 – Ensuring the confidentiality of information 95 These items amend the Bill by inserting references to proposed section 187BA in relation to the protection of retained data into proposed section 187E which permits a provider to seek approval of a data retention implementation plan These items implement the relevant parts of recommendation 37 of the PJCIS Report 25 96 The effect of these items is to require a service provider that is applying for approval of a data retention implementation plan under proposed section 187E to specify its current information security practices details of the interim information security arrangements the provider proposes to implement under the plan if approved and the day by which the service provider will comply with the obligations under proposed section 187BA Items 20 and 21 – Ensuring the confidentiality of information 97 These items amend the Bill by inserting references to proposed section 187BA in relation to the protection of retained data into proposed section 187F of the Bill which governs the CAC‟s consideration of implementation plan applications These items implement the relevant parts of recommendation 37 of the PJCIS Report 98 The effect of these items is to require the CAC to consider inter alia the desirability of a service provider achieving substantial compliance with its information security obligations in relation to retained data under proposed section 187BA as soon as practicable and the extent to which the plan would reduce the regulatory burden imposed on the service provider under proposed Part 5-1A including proposed section 187BA 99 Where at the time of applying for approval of a data retention implementation plan a service provider is not compliant with proposed section 187BA the CAC will be required to consider the reasons for the non-compliance Reasons for non-compliance that may weigh in favour of the plan being approved or being given back to the service provider with only minor requests for amendment may include for example that the service provider has made its application shortly after the commencement of proposed section information security obligations and so has not yet modified its existing systems to achieve full compliance or that a service offered by the service provider has only recently become subject to Part 5-1A for example as the result of the service being acquired or modified such that it is now a „relevant service‟ Item 22 – Technical correction 100 This item amends proposed subsection 187H 2 by omitting „the end of ‟ This item corrects an error in drafting Item 23 – Technical correction 101 This item amends proposed paragraph 187K 3 b by substituting „exemption‟ with „decision ‟ This item corrects an error in drafting Item 24 – Ensuring the confidentiality of information 102 This item amends the Bill by inserting a reference to the information security obligations under proposed section 187BA into proposed section 187K This item implements the relevant parts of recommendation 37 of the PJCIS Report 26 103 Proposed section 187K will empower the CAC to exempt or vary the obligations to which a service provider is subject under proposed Part 5-1A of the TIA Act including the information security obligations under proposed section 187BA This item amends proposed paragraph 187K 7 e to require the CAC before making a decision about such an exemption or variation to take into account any alternative information security arrangements that the service provider has identified This provision acknowledges that encryption in particular will not always be the most appropriate information security measure especially in relation to legacy systems that were not designed to be encrypted The purpose of this provision is to ensure that the CAC is able to consider alternative information security arrangements that a service provider has identified as being appropriate to implement when considering whether to partially exempt or to vary a service provider‟s information security obligations under proposed section 187BA Item 25 – Review of exemption or variation decisions by the ACMA 104 This item amends the Bill by inserting proposed section 187KA implementing recommendation 15 of the Report of the PJCIS 105 Under the Bill the ACMA will have the ability to determine disputes in relation to applications for data retention implementation plans including applications for amendment This item will provide the ACMA with the additional role to determine disputes when a service provider has applied to the CAC for an exemption or variation from the data retention obligations As such this amendment to the Bill will ensure a consistent approach to disputes between the CAC and service providers regarding the application of data retention obligations Item 26 – Capital contribution 106 This item amends the Bill by inserting proposed section 187KB This amendment is consistent with recommendation 16 of the PJCIS report on the Bill 107 Proposed section 187KB will provide legislative authority for the Commonwealth to grant financial assistance to service providers to assist them to comply with obligations imposed by the data retention scheme The terms and conditions of the financial assistance are to be set out in agreements entered into with service providers by the Minister on behalf of the Commonwealth The financial assistance is to be provided out of money appropriated by the Parliament Item 27 – Applications to be kept confidential 108 Item 27 amends the Bill by inserting a proposed subsection 187L 1A Proposed subsection 187L 1A requires ACMA to keep confidential any application by a service provider for a review that it receives under subsection 187KA 1 The ACMA will be unable to disclose the service provider‟s application without the written permission of the service provider 27 109 However this confidentiality requirement does not prevent ACMA providing the application to the CAC and relevant enforcement agencies and security authorities as subsection 187KA 3 requires the ACMA to provide those agencies or authorities with a copy of the application This ensures that those agencies and authorities are appropriately consulted 110 A service provider‟s application for a review will include details about specific business processes such as technical network infrastructure specifications which may be commercially sensitive The obligation on the ACMA as well as any agencies or authorities that the application was disclosed to to treat such applications as confidential reflects the sensitivity of the information contained in such applications from both a commercial and security perspective Item 28 – Applications to be kept confidential 111 Item 28 amends the Bill by substituting new confidentiality requirements in subsection 187L 2 of the Bill Item 28 will require the ACMA the CAC and any enforcement agency or security authority to keep confidential any copy it receives of a service provider‟s application for approval of a data retention implementation plan exemption from or variation of data retention obligations review of a CAC decision in relation to exemption or variation of data retention obligations 112 The principal purpose of this item is to ensure that the CAC and any enforcement agencies or security authorities keep confidential copies of exemption review applications they receive from the ACMA under section 187KA 3 113 This item also substitutes a reference in the current subsection 187L 2 of the Bill to „paragraph 187G 1 a ‟ with a reference to „subsection 187G 1 ‟ This is a technical correction to ensure that the ACMA is required to keep confidential copies of data retention implementation plan applications it receives from the CAC under subsection 187G 1 The ACMA receives such copies under subsection 187G 1 rather than paragraph 187G 1 a Enforcement agencies and security authorities will continue to be required to keep copies of such applications they receive under subsection 187G 1 confidential Item 29 – Application of the Privacy Act 114 This item amends the Bill by inserting a new proposed section 187LA This item in conjunction with items 37 and 38 implements recommendations 24 and 35 of the PJCIS Report 115 Proposed subsection 187LA 1 provides that the Privacy Act applies in relation to a service provider to the extent that the activities of the service provider relate to retained data The effect of this provision is that the Privacy Act and the Australian Privacy Principles 28 APPs will apply to all service providers as though they were „organisations‟ including service providers that would otherwise be exempt from the Privacy Act under the „small business operator‟ „registered political party‟ „agency‟ „State or Territory authority‟ or „prescribed instrumentality of a State or Territory‟ exemptions contained in section 6C of the Privacy Act However this provision applies only to the extent that the activities of the service provider relate to retained data including for example the collection storage use disclosure including cross-border disclosure individual access de-identification and destruction of retained data 116 Proposed subsection 187LA 2 provides that information or documents kept under proposed Part 5-1A are taken to be „personal information‟ within the meaning of the Privacy Act relating to an individual if the information relates to the individual or to a communication to which the individual is or was a party Under the standard definition of personal information what constitutes personal information will vary depending on whether an individual can be identified or is reasonably identifiable in the particular circumstances As a result not all information held by service providers may fall within the standard definition of personal information This item expands the definition of personal information ensuring that all retained data kept by service providers in accordance with Part 5-1A is personal information within the meaning of the Privacy Act 117 As a result of proposed section 187LA individuals will be able to request access to their personal retained data in accordance with APP 12 removing uncertainty about whether particular types of retained data are personal information This right of access will continue to be subject to the Privacy Act and APPs In particular service providers will be able to charge an individual for giving access in accordance with APP 12 8 and where an individual requests access to information about communications to which they were a party that information will generally also be the personal information of at least one other individual being the other party to the communication 118 Regarding cost recovery in civil litigation proceedings service providers will be able to apply for reimbursement once they have been served with a subpoena to produce evidence In civil litigation proceedings cost recovery is subject to the relevant court rules and procedures as for example section 15A 10 of the Federal Circuit Court Rules 2001 Service providers will also be required to comply with the information security obligations contained in APP 11 1 in relation to all retained data and will be required to de-identify or destroy retained data at the expiry of the retention period unless one of the circumstances in paragraphs b c or d of APP 11 2 applies Items 30 – Review of operation of Part 5-1A of the TIA Act 119 Item 30 amends the Bill by omitting subsection 187N 1 and substituting proposed subsection 187N 1 29 120 Subsection 187N requires the PJCIS to review the data retention regime as soon as possible after the third anniversary of the end of the implementation phase The PJCIS recommended that the commencement date for the review be reduced from three years to two The PJCIS also recommended that its report on the review be presented to Parliament no later than three years after the end of the implementation period 121 Item 30 implements recommendation 30 of the PJCIS Report specifying that the review must start on or before the second anniversary of the end of the implementation phase and finish on or before the third anniversary of the end of the implementation phase Item 31 – Record-keeping for review of operation of Part 5-1A of the TIA Act 122 Item 31 inserts subsections 187N 3 4 and 5 to require the head of an agency to keep until the PJCIS review of the data retention scheme is completed a copy of all authorisations made under Chapter 4 of the TIA Act a copy of all journalist information warrants and authorisations made under those warrants made under Chapter 4 of the TIA Act as well as information reported each year to the Minister relating to the agency‟s access to historic telecommunications data This will ensure that the PJCIS review of the data retention scheme in proposed section 187N will have access to comprehensive information held by agencies on their access to telecommunications data 123 This item implements recommendation 31 of the PJCIS Report that agencies be required to collect and retain information necessary to inform the Committee‟s review of the data retention scheme Item 32 – Annual reports 124 Item 32 inserts proposed subsection 187P 1A This item implements recommendation 33 of the PJCIS report by requiring that the Annual Report prepared under proposed subsection 187P 1 contain information on the costs incurred by service providers in complying with their proposed obligations and the use of data retention implementation plans Items 33 and 34 – Amendments to the ASIO Act 125 Items 33 and 34 insert amending items 1A-1D in Schedule 1 to the Bill These items will amend the Australian Security Intelligence Organisation Act 1979 ASIO Act to implement the Government‟s response to PJCIS recommendation 33 insofar as it applies to ASIO that annual reports on the data retention scheme should cover certain matters These relate to the number and types of purposes of authorisations to access retained data lengths of time for which relevant documents covered by the authorisations were held and the number of authorisations that related to subscriber data and communications traffic data respectively 30 126 Amending items 1A-1D amend the reporting requirements in subsection 94 2A of the ASIO Act to ensure that these matters are included in ASIO‟s annual reports in relation to ASIO‟s telecommunications data access Subsection 94 2A will be amended to include the number of journalist information warrants issued during the reporting period and the number of authorisations made under those journalist information warrants Annual reports including this information are subject to Minister‟s discretion under subsection 94 5 to make deletions from the report to be tabled in Parliament in accordance with subsection 94 4 in order to avoid prejudice to security defence international affairs or the privacy of individuals The Inspector-General of Intelligence and Security IGIS can request classified annual reports in accordance with the Inspector-General of Intelligence and Security Act 1986 the IGIS Act Item 35 and 36 – Amendments to Intelligence Services Act 2001 127 Amendments 35 and 36 insert amending items 1E-1G in Schedule 1 to the Bill These items will amend the Intelligence Services Act 2001 the ISA principally to implement the Government‟s response to recommendation 34 of the PJCIS advisory report on the Bill The PJCIS recommended it be conferred a new statutory function in section 29 of the ISA enabling it to conduct inquiries into the purpose and manner of access of retained data by ASIO and AFP arising from relevant annual reports made on the data retention scheme This includes where this goes to a review of operational matters 128 Subsection 29 3 of the ISA reflects that it is not a function of the PJCIS to examine operational matters or matters beyond those pertaining to intelligence and security That existing provision reflects a principle that operational oversight of Australia‟s intelligence security and law enforcement agencies is conducted principally by independent statutory bodies – including the IGIS and the Ombudsman – which report to the relevant responsible Minister 129 Consistent with this division of responsibilities amending items 1E-1G will confer upon the PJCIS a new function to conduct a review of the overall effectiveness of the operation of the data retention scheme in relation to the activities of ASIO and the AFP in relation to AFP investigations under Part 5 3 of the Criminal Code 1995 where those activities are the subject of the relevant annual reporting requirements applying to ASIO and the AFP under the ASIO Act and TIA Act respectively The PJCIS will be able to inquire into operational matters concerning the relevant data access activities of ASIO covered in their annual report and the AFP covered in the TIA Act annual report to the extent that such operations are relevant to the Committee‟s overall assessment of the effectiveness of the data retention scheme in proposed Part 5-1A of the TIA Act 130 Amending item 1E will insert definitions of new terms in section 3 of the ISA „retained data activity‟ and „service provider‟ which are used in the provisions of section 29 conferring the PJCIS‟s new function 31 131 Amending item 1F will insert new paragraphs 29 1 bc bd and be New paragraph 29 1 bc makes explicit that it is a statutory function of the PJCIS to conduct its review of the data retention scheme under proposed s 187N of the TIA Act following completion of the implementation phase New paragraphs 29 1 bd and be provide respectively for the PJCIS‟s new inquiry function of the data retention activities of ASIO and the AFP in relation to investigations under Part 5 3 of the Criminal Code in response to PJCIS recommendation 34 The scope of the new inquiry function in paragraph 29 1 be in relation to the activities of the AFP pertaining to Part 5 3 of the Criminal Code is consistent with the PJCIS‟s existing functions in relation to the AFP under subsection 29 1 of the ISA 132 Amending item 1G will set out the parameters for the PJCIS‟s performance of the new function by inserting proposed subsections 29 4 and 29 5 Proposed subsection 29 4 will provide that the PJCIS can examine matters relating to particular operations of ASIO and the AFP with respect to retained data activities covered in the ASIO annual report and the TIA Act annual report respectively This is a limited exemption from the prohibitions on inquiring into operational matters in paragraphs 29 3 c and 29 3 k 133 New paragraph 29 5 a provides that the PJCIS‟s examination of particular operational matters under proposed subsection 29 4 is to be performed for the sole purpose of assessing and making recommendations about the overall operation and effectiveness of the data retention scheme New paragraph 29 5 c also makes explicit that the new function cannot be performed for any other purpose than that set out in new paragraph a of the subsection These provisions are necessary to preserve the focus of the PJCIS on non-operational matters and to avoid overlap or duplication with the operational oversight of the IGIS and Ombudsman while also enabling the PJCIS to access operational information for the purpose of performing its new function 134 New paragraph 29 5 b further qualifies that the new inquiry function is limited to the activities of ASIO and the AFP in relation to Part 5 3 of the Criminal Code and does not permit reviewing the activities of „service providers‟ as defined in section 3 by reference to that term in the TIA Act This reflects the intention of the PJCIS in recommendation 34 to facilitate Parliamentary oversight of the purpose and manner of access to retained data by ASIO and the AFP 135 All of the PJCIS‟s statutory functions will continue to be governed by the procedural arrangements in Schedule 1 to the ISA These include the protections for operationally sensitive information and other information which if released would or might prejudice national security or foreign relations as set out in Parts 1 and 2 of Schedule 1 The Government further intends to work with the PJCIS to develop practical arrangements for the conduct of its new inquiry function It is anticipated that these working arrangements may address such matters as the timing of inquiries strategies for avoiding overlap with extant oversight activities of the IGIS and Ombudsman and arrangements for requesting providing and protecting operational and other sensitive information 32 Items 37 and 38 – Amendments to the Privacy Act 136 Amending item 1H amends the Privacy Act to insert a note at the end of the definition of „personal information‟ contained in subsection 6 1 to draw attention to the extension by the TIA of the meaning of personal information to cover information kept under the data retention scheme 137 Amending item 1J repeals and replaces the existing explanatory note to the definition of „organisation‟ in subsection 6C 1 of the Privacy Act This note clarifies that under proposed section 187LA service providers are treated as organisations for the purposes of the Privacy Act in relation to the retention of data under Part 5-1A of the TIA Act Service providers are therefore an „APP entity‟ under the Privacy Act and must comply with the APPs in relation to their activities under Part 5-1A of the TIA Act Items 39 and 40 – Access to retained data in connection with civil litigation 138 Item 39 and 40 amend the Bill by amending sections 280 and 281 of the Telecommunications Act to give effect to recommendation 23 of the PJCIS Report 139 Currently subsection 280 1 of the Telecommunications Act provides that the prohibitions on the disclosure of certain communications-related information and documents under Division 2 of Part 13 of that Act do not apply other than where the disclosure is in connection with the operation of an enforcement agency within the meaning of the TIA Act where the disclosure is required or authorised by or under law Item 39 will insert a new item 3A to Part 2 of Schedule 1 of the Bill that will insert proposed subsections 280 1B and 1C to the Telecommunications Act 140 The effect of proposed subsection 280 1B will be that paragraph 280 1 b does not apply in circumstances where all of the criteria specified in paragraphs 280 1B a to c are satisfied Paragraph 280 1B a will be satisfied where the disclosure is required or authorised because of a subpoena a notice of disclosure or an order of a court in connection with a civil proceeding 141 Telecommunications data that is retained by service providers for their ordinary business purposes or for other regulatory purposes is currently accessed in the course of many civil proceedings The purpose of proposed paragraph 280 1B b is to ensure that the prohibition applies only to telecommunications data that is collected and retained only for the purpose of complying with proposed Part 5-1A and that is used by the service provider only for that purpose a limited range of defined public interest purposes or for purposes incidental to any of those purposes 142 An example of a purpose incidental to the purpose listed in proposed subparagraph 280 1B c i complying with proposed Part 5-1A of the TIA Act would be to develop test or maintain the systems used to retain data under proposed Part 5-1A An example of a 33 purpose incidental to the purposes listed in proposed subparagraphs 280 1B c ii iii or iv complying with a warrant issued or authorisation made under the TIA Act or with a request or requirement provided for by sections 284 to 288 of the Telecommunications Act or a request to provide a person with access to their personal information under the Privacy Act would be using or disclosing information or documents for the purpose of seeking legal advice in relation to the warrant authorisation request or requirement 143 This provision thereby ensures that telecommunications data that is collected retained or used for a service provider‟s ordinary business purposes or other purposes unrelated to the data retention obligation continues to be available for such proceedings 144 Proposed paragraph 280 1C a provides that the prohibition contained in proposed subsection 280 1B does not apply in circumstances of a kind prescribed by the regulations As noted above telecommunications data is currently accessed by parties to many civil proceedings including proceedings relating to international child abduction family violence and personal injury or economic harm as a result of negligence or professional malpractice As the requirement for access will depend substantially on the facts and circumstances of each individual civil proceeding any limit on the availability of such information would have the potential to prejudice the legitimate rights and interests of claimants or respondents in such proceedings Therefore a regulation-making power is required to enable the creation of regulations to prescribe further circumstances for where the prohibition in paragraph 280 1B would not apply 145 Proposed paragraph 280 1C b provides that the prohibition contained in proposed subsection 280 1B does not apply in relation to disclosures to enforcement agencies A number of enforcement agencies currently obtain access to telecommunications data in the course of civil proceedings such as actions for the proceeds of crime or in relation to control orders made under Division 104 of the Criminal Code 146 Proposed paragraph 280 1C c provides that the prohibition contained in proposed subsection 280 1B does not commence until the end of the implementation phase for proposed Part 5-1A of the TIA Act This provision ensures that the prohibition does not commence until the proposed data retention scheme is implemented 147 Currently section 281 of the Telecommunications Act provides that the prohibitions on the disclosure of certain communications-related information and documents under Division 2 of Part 13 of that Act do not apply in relation to a disclosure made by a person of information or a document if the person makes the disclosure as a witness summoned to give evidence or to produce documents 148 Item 40 will insert a new item 3C to Part 2 of Schedule 1 of the Bill that will insert proposed subsections 281 2 and 3 to the Telecommunications Act The purpose of these proposed subsections is substantially similar to the purpose of proposed subsections 280 1B and 1C of the Telecommunications Act being to prohibit the disclosure by a witness in civil 34 proceedings of information or documents that have been kept by a service provider solely for the purpose of complying with proposed Part 5-1A of the TIA Act and that are not used by the service provider only for that purpose a limited range of defined public interest purposes a purpose prescribed by the regulations or for purpose incidental to the abovementioned purposes 149 Proposed subsection 281 3 contains exceptions to this prohibition which are similar to those in proposed subsection 280 1C In particular proposed paragraph 281 3 a contains a regulation-making power which has the same purpose as the regulation-making power that would be established by proposed paragraph 280 1C a Item 41 – Definitions Definition of ‘Defence Minister’ 150 This item inserts a definition of „Defence Minister‟ into subsection 5 1 of the TIA Act The „Defence Minister‟ has the same meaning as given in the Intelligence Services Act 2001 Definition of ‘Foreign Affairs Minister’ 151 This item inserts a definition of „Foreign Affairs Minister‟ into subsection 5 1 of the TIA Act The „Foreign Affairs Minister‟ has the same meaning as given in the Intelligence Services Act 2001 Definition of ‘Public Interest Advocate’ 152 This item inserts a definition for the term „Public Interest Advocate‟ into the newly created section 180X of the Bill A „Public Interest Advocate is defined as a person whose appointment is in force under section 180X 1 Definition of ‘Journalist Information warrant’ 153 This item inserts a definition for the term „journalist information warrant‟ into subsection 5 1 of the TIA Act A „journalist information warrant‟ means a warrant issued under Division 4C of Part 4-1 Definition of ‘IGIS official’ 154 This item inserts a definition of the term „IGIS official‟ into subsection 5 1 of the TIA Act An „IGIS official‟ has the same meaning as section 4 of the Australian Security Intelligence Organisation Act 1979 35 Definition of ‘implementation phase’ 155 This item also inserts a definition of „implementation phase‟ by stating it has the meaning given in subsection 187H 2 which states the implementation phase is the period of 18 months starting on the commencement of the data retention obligations Definition of ‘infrastructure’ 156 This item inserts a definition for the term infrastructure into subsection 5 1 of the TIA Act It defines infrastructure as it is used in proposed paragraph 187A 3 c to mean any line or equipment used to facilitate communications across a telecommunications network 157 The term infrastructure is used as part of the three limb test in paragraphs 187A 3 a b and c which defines a relevant service „Equipment‟ is defined in section 5 of the Act which states equipment means any apparatus or equipment used or intended for use in or in connection with a telecommunications network and includes a telecommunications device but does not include a line Section 5 of the Act defines „line‟ by reference to the definition in the Telecommunications Act Section 7 of the Telecommunications Act states a line is a wire cable optical fibre tube conduit waveguide or other physical medium used or for use as a continuous artificial guide for or in connection with carrying communications by means of guided electromagnetic energy 158 Servers used to operate an „over the top‟ service such as VoIP would fall within the definition of infrastructure However „infrastructure‟ is not intended to include business premises For example the headquarters of a company taken in isolation would not satisfy the definition of „infrastructure ‟ 159 Importantly a piece of equipment or line meeting the definition of infrastructure does not automatically satisfy paragraph 187 3 c For instance a computer used by an employee in a company‟s headquarters or marketing office is not directly involved in the provision of a relevant service and therefore does not satisfy paragraph 187 3 c 160 This item implements recommendation 11 of the PJCIS Report by defining the term „infrastructure‟ in greater detail for the purposes of proposed paragraph 187A 3 c Definition of ‘Part 4-1 issuing authority’ 161 This item inserts a definition for the term „Part 4-1 issuing authority‟ into subsection 5 1 of the TIA Act A „Part 4-1 issuing authority‟ is defined as a person whose appointment is in force under section 6DC 36 Definition of ‘related account service or device’ 162 This item also inserts a definition of „related account service or device‟ in relation to a service to which Part 5-1A applies This definition is used in proposed section 187AA Definition of ‘retained data’ 163 This item also inserts a definition for „retained data‟ which defines it as information or documents that a service provider is or has been required to keep under Part 5-1A of the TIA Act Definition of ‘service provider’ 164 This item also inserts a definition of „service provider‟ by stating it has the meaning given in subsection 187A 1 which provides that it is a person who operates a service to which new Part 5-1A applies Definition of ‘source’ 165 This item inserts a definition of „source‟ into subsection 5 1 of the TIA Act to support the journalist information warrant provisions This definition is expressed not to apply to item 2 of the table in subsection 187AA 1 where source takes on its natural meaning in the context of a telecommunication Item 42 – Issuing authorities 166 This item inserts proposed section 6DC into the TIA Act which provides that the Minister responsible for the administration of the TIA Act can by writing appoint a judge of the federal court including a judge of the Federal Court of Australia Family Court of Australia or a Federal Magistrate or a magistrate where those persons have consented in writing to be appointed as an issuing authority to be an issuing authority for the purposes of issuing a journalist information warrant 167 The amendment will also allow the Minister to appoint a person who holds an appointment to the Administrative Appeals Tribunal as Deputy President full-time senior member part-time senior member or member including a part-time or full-time member who is enrolled and has been enrolled for at least 5 years as a legal practitioner of a federal court or of the Supreme Court of a State or Territory for the same purpose Item 43 – Oversight by the Inspector-General of Intelligence and Security 168 Item 43 amends the Schedule 1 Part 2 of the Bill to insert new amending items 6B and 6C These amending items amend section 64 of the TIA Act and its heading 37 169 The introduction of specific provisions to the TIA Act permitting a person to deal in information in connection with the performance by the IGIS of his or her functions follows the introduction of similarly specific provisions into the ASIO Act by the National Security Legislation Amendment Act No 1 2014 In that context this item seeks to place beyond doubt that a person may deal in the information described in subsection 64 1 and that an IGIS official and another specified person may deal in the information described in subsection 64 2 in connection with the performance by the IGIS of his or her functions Item 44 – Authorisations for access to prospective information or documents 170 Item 44 amends section 176 of the TIA Act which relates to prospective data authorisations made by ASIO Specifically item 44 replaces the current paragraph 176 5 b with two new subparagraphs Subparagraph 176 5 b i states that authorisations under section 176 of the TIA Act end as specified in the authorisation which can be no later than the end of the period of 90 days beginning on the day the authorisation is made Subparagraph 176 5 b ii provides that if the authorisation is made under a journalist information warrant then the end of the authorisation can be no later than the end of the period specified in section 180N being the end of the period for which the warrant is in force 171 In addition item 44 replaces the current subsection 176 6 in relation to the revocation of an authorisation where the eligible person is satisfied the disclosure is no longer required with an expanded revocation provision requiring revocation of authorisations made under a journalist information warrant where that warrant was revoked or the DirectorGeneral is satisfied the grounds on which the warrant was issued have ceased to exist Item 45 – Authorisations for access to prospective information or documents 172 Item 45 amends section 180 of the TIA Act which relates to prospective data authorisations made by criminal law-enforcement agencies Specifically item 45 replaces the current paragraph 180 6 b with two new subparagraphs Subparagraph 180 6 b i states that authorisations under section 180 of the TIA Act end as specified in the authorisation which can be no later than the end of the period of 45 days beginning on the day the authorisation is made Subparagraph 180 6 b ii provides that if the authorisation is made under a journalist information warrant then the end of the authorisation can be no later than the end of the period specified in subsection 180U 3 being the end of period for which the warrant is in force 173 In addition item 45 replaces the current subsection 180 7 in relation to the revocation of an authorisation where the authorised officer is satisfied the disclosure is no longer required with an expanded revocation provision requiring revocation of authorisations made under a journalist information warrant where that warrant was revoked 38 Item 46 – Authorised officer required to be satisfied that access to telecommunications data is justified and proportionate 174 Amending item 6A amends section 180F of the Act by omitting the requirement that an officer authorising the disclosure of data „have regard to whether any interference with the privacy of any person or persons that may result from the disclosure or use is justifiable‟ and inserting a requirement that they „be satisfied on reasonable grounds that any interference with the privacy of any person or persons that may result from the disclosure or use is justifiable and proportionate‟ 175 This amending item implements recommendation 25 of the PJCIS Report by requiring the authorised officer making an authorisation under Division 4 or 4A of Part 4-1 of the TIA Act to be satisfied on reasonable grounds that any interference with the privacy of any person or persons that may result from the disclosure or use is justifiable and proportionate 176 Amending item 6B inserts subparagraph 180F aa requiring that the authorised officer must have regard to the gravity of any conduct in relation to which the authorisation is sought including the seriousness of any criminal offence the seriousness of any pecuniary penalty the seriousness of any protection of the public revenue and whether the authorisation is sought for the purposes of finding a missing person when determining whether to disclose or authorise the use of communications Item 47 – Journalist information warrant Division 4C 177 Chapter 4 of the TIA Act regulates how national security and law enforcement agencies may access telecommunications data Item 43 will insert new Division 4C after Part 4-1 of the TIA Act The provisions to be inserted by this new Part will establish a journalist information warrant journalist information warrant This scheme will require ASIO and enforcement agencies to obtain a warrant prior to authorising disclosure of telecommunications data to identify a journalist‟s source The effect of Division 4C is to prohibit ASIO and enforcement agencies from making data authorisations for access to a journalist‟s or their employer‟s data for the purpose of identifying a confidential source unless a journalist information warrant is in force 178 The concept of a „journalist‟ is intended to replicate the current approach in Division 119 of the Criminal Code as amended by the Counter-Terrorism Legislation Amendment Foreign Fighters Act 2014 Subsection 119 2 3 f of the Criminal Code provides that where a person is working in a professional capacity as a journalist or is assisting another person working in a professional capacity as a journalist they are exempted from the general prohibition from entering or remaining in a declared area Similarly an individual is a journalist under Division 4C if they are working as a journalist in a professional capacity Indicators that a person is acting in a professional capacity include regular employment adherence to enforceable ethical standards and membership of a professional body 39 179 Subdivision 4C-A establishes that national security and law enforcement agencies are required to obtain journalist information warrants Subdivision 4C-B establishes the procedures for issuing a journalist information warrant to the Organisation Subdivision 4C-C establishes the procedures for issuing journalist information warrants to enforcement agencies Subdivision A – The requirement for journalist information warrants Proposed section 180G 180 Proposed section 180G provides that an eligible person must not authorise the disclosure of information or documents under Division 3 relating to a particular person without a journalist information warrant An „eligible person‟ is defined under subsections 175 2 and 176 2 of the TIA Act Section 180G applies if that eligible person knows or reasonably believes that particular person is working in a professional capacity as a journalist or is the employer of a journalist and the purpose of making the authorisation is to identify another person the eligible person reasonably believes to be a source Proposed section 180H 181 Proposed subsection 180H 1 provides that an authorised officer of an enforcement agency must not authorise the disclosure of information or documents under section 178 178A 179 or 180 relating to a particular person without a journalist information warrant An „authorised officer‟ is defined in subsection 5 1 of the TIA Act 182 Proposed subsection 180H 2 provides that an authorised officer of the Australian Federal Police must not authorise the disclosure of information or documents under Division 4A in connection with the enforcement of the criminal law of a foreign country relating to a journalist for the purpose of identifying a source A journalist information warrant is not available for this purpose Subdivision B – Issuing journalist information warrants to the Organisation Proposed section 180J 183 Proposed section 180J provides that the Director-General of Security may request that the Minister issue a journalist information warrant in relation to a particular person This request must specify the facts and other grounds on which the Director-General considers it necessary to issue the warrant Proposed section 180K 184 Proposed section 180K provides that the Minister may require the Director-General of Security to provide the Minister within a specified period further information in connection with a request under subdivision B If the Director-General breaches a requirement under 40 subsection 180K 1 the Minister may refuse to consider the request or refuse to take any further action in relation to that request Proposed section 180L 185 Section 180L provides that after considering a request for a journalist information warrant the Minister must either issue a warrant that authorises the Organisation to make data authorisations in relation to a person who is working in a professional capacity as a journalist or refuse to issue a journalist information warrant 186 The Minister must not issue a journalist information warrant unless the Minister is satisfied that the public interest in issuing the warrant outweighs the public interest in protecting the confidentiality of the identity of the source having regard to specified factors These include the anticipated privacy interference the gravity of the matter for which the warrant is sought the assistance the information to be sought would provide whether other reasonable methods if any that would be effective to obtain the information have been used any submissions by a Public Interest Advocate on that application and any other relevant matter 187 Subsection 180L 3 provides that a warrant issued under the section may specify conditions or restrictions relating to making authorisations under the authority of the warrant Proposed section 180M 188 Proposed subsection 180M establishes the procedure for the Director-General of Security to issue journalist information warrants in an emergency Proposed subsection 180M 1 provides that the Director-General may only issue an emergency journalist information warrant if authorised to do so by a Minister listed in subsection 180M 4 or if those Ministers listed in subsection 180M 4 are unavailable The Director-General may issue a journalist information warrant if a request under section 180J has been made for the issue of such a warrant in relation to the particular person and the Director-General is satisfied that security will be or is likely to be seriously prejudiced if the Organisation does not obtain access to the relevant information or documents before the journalist information warrant is issued and made available to the Minister The emergency warrant may be issued if to the knowledge of the Director-General the Minister has not made a decision under section 180L and the Minister has not refused to issue the relevant journalist information warrant 189 Proposed subsection 180M 2 provides that the Director-General may not issue a journalist information warrant unless he or she is satisfied as to the matters set out in subsection 180L 2 a and b 190 Proposed subsection 180M 3 enables a Minister listed in subsection 180M 4 to orally authorise the Director-General to issue a journalist information warrant if they are satisfied of the matters listed in paragraphs 180L 2 a and b 41 191 Proposed subsection 180M 4 provides that where the Director-General is satisfied the Minister is unavailable an oral authorisation may be provided by the Prime Minister Defence Minister and the Foreign Affairs Minister 192 Proposed subsection 180M 5 provides that an emergency authorisation may specify conditions or restrictions relating to issuing the journalist information warrant 193 Proposed subsection 180M 6 requires the Director-General to ensure a written record of the authorisation provided under subsection 180M 3 is made as soon as practicable but no later than 48 hours after the authorisation is given 194 Proposed subsection 180M 7 provides that a journalist information warrant must specify the period for which it remains in force and this period must not exceed 48 hours Proposed subsection 180M 3 does not prevent the Minister from revoking the emergency warrant 195 Proposed subsection 180M 8 provides that the Director-General must provide the Minister with a copy of the warrant and a statement of the grounds on which the warrant was issued and either a copy or the record made under subsection 180M 6 or where a journalist information warrant was issued under subparagraph 180M 1 e ii a summary of the facts of the case justifying the issuing of the warrant 196 Proposed subsection 180M 9 provides that the Director-General must give a copy of the journalist information warrant to the Inspector-General of Intelligence and Security within 3 business days of issuing such a warrant Proposed subsection 180M 10 is intended to ensure proposed subsection 180M 5 has effect despite proposed subsection 185D 1 Proposed section 180N 197 Proposed section 180N provides that a journalist information warrant issued under this Subdivision must specify the period for which it is to remain in force The specified period must not exceed 6 months Proposed section 180P 198 Proposed section 180P provides that the Director-General of Security must take the necessary steps to discontinue the making of authorisations under a journalist information warrant where the Director-General is satisfied that the grounds on which the warrant was issued no longer exist The Director-General must also advise the Minister who under proposed section 180L is the issuing authority for the Organisation in relation to journalist information warrants 42 199 These requirements will ensure that authorisations do not continue to be made where the grounds that supported the issue of the warrant no longer apply Subdivision C – Issuing journalist information warrants to enforcement agencies Proposed section 180Q 200 Proposed section 180Q limits the persons in an enforcement agency who can apply for a confidential information source identification warrant 201 Paragraph 180Q 2 a provides that in the case of enforcement agencies that are also interception agencies authority to apply for a confidential information source identification warrant is limited to the persons that can apply for an interception warrant under subsection 39 2 of the TIA Act 202 Paragraph 180Q 2 b sets out that where an enforcement agency is not an interception agency applications must be made by the chief officer of the agency or an officer of the agency in a management level position that has been nominated by the chief officer of the agency to make applications on the agency‟s behalf This limitation ensures that the need to apply for a journalist information warrant is considered at an appropriately senior level in an agency 203 Subsection 180Q 3 gives the chief officers of enforcement agencies the power to nominate in writing management level offices or positions in their agency the occupants of which can apply on behalf of their agency for a journalist information warrant 204 Subsection 180Q 4 clarifies that nominations made by chief officers under subsection 180Q 3 are not legislative instruments 205 Subsection 180Q 5 specifies that applications for a journalist information warrant on behalf of an enforcement agency may be made in writing or any other form Section 180R 206 Subsection 180R 1 provides that the issuing authority may require the applicant to provide further information in connection with an application for a journalist information warrant 207 Subsection 180R 2 sets out what happens if the enforcement agency does not provide the information the issuing authority requires under subsection 180R 1 In these circumstances the issuing authority can refuse to consider the application or to take any action or any further action in relation to the application 208 The purpose of section 180R is to ensure that an issuing authority can require an enforcement agency to make available to the issuing agency all relevant and necessary 43 information when considering an application for a journalist information warrant Section 180R also makes it clear the issuing authority is not required to consider or act on such an application if that information is not provided Section 180S 209 This item amends the Bill by inserting proposed section 180S concerning oaths and affirmations Subsection 180S 1 provides that information given by enforcement agencies to the issuing authority in connection with an application for a journalist information warrant must be given on oath or affirmation 210 Subsection 180S 2 provides that the issuing authority can administer the oath or affirmation or can authorise another person The oath or affirmation may be administered in person by telephone video call video link or audio link 211 The purpose of section 180S is to ensure that information that the enforcement agency gives to the issuing authority in support of an application for a journalist information warrant complies with the requirements of evidence law for witnesses to take an oath or affirmation before giving evidence Section 180T 212 Section 180T provides that after considering an application for a journalist information warrant under proposed section 180T an issuing authority must either issue a warrant that authorises the requesting agency to make data authorisations in relation to a person who is working in a professional capacity as a journalist or refuse to issue a journalist information warrant 213 The factors that an issuing authority must consider in making a decision are set out in Subsection 180T 2 214 An issuing authority can only issue a journalist information warrant if he or she is satisfied that the warrant is reasonably necessary to enforce the criminal law or locate a person reported as missing to the Australian Federal Police or a State Police Force or enforce a law that imposes a pecuniary penalty or protects the public revenue or investigate serious offences or an offence against a Commonwealth State or Territory law punishable by at least a 3 year imprisonment term and the public interest in issuing the warrant outweighs the public interest in protecting the confidentiality of journalists‟ sources 215 The issuing authority must also be satisfied that the public interest in issuing the warrant outweighs the public interest in protecting the confidentiality of the identity of the source having regard to specified factors These include the anticipated privacy interference 44 the gravity of the matter for which the warrant is sought the assistance the information to be sought would provide whether other reasonable methods if any that would be effective to obtain the information have been used any submissions by a Public Interest Advocate on that application and any other relevant matter Section 180U 216 Proposed section 180U requires journalist information warrants issued under the Subdivision to be made in accordance with a form to be prescribed 217 Journalist information warrants must be signed by the issuing authority who issues the warrant and be in the prescribed form Warrants may list any conditions or restrictions that apply to authorisations made under the warrant and must specify the period for which the warrant is in force Under proposed subsection 180U 3 and proposed section 180V journalist information warrants can be in force for up to 90 days commencing the day the warrant is issued 218 Proposed subsection 180U 4 provides that warrants cannot be extended beyond the period they are in force This will ensure that any ongoing operational need to investigate the subject of a journalist information warrant is considered afresh by an issuing authority under the criteria set out in proposed section 180U Proposed subsection 180U 5 clarifies that while a journalist information warrant cannot be extended a further warrant can be issued under the TIA Act in relation to a person previously the subject of a warrant under the Act Proposed section 180V 219 Proposed section 180V provides that a journalist information warrant comes into force when it is issued Proposed section 180W 220 Proposed 180W outlines the revocation of a journalist information warrant Paragraph 180W 1 a states that the chief officer may revoke such a warrant at any time Paragraph 180W 1 b provides that the chief officer of an enforcement agency must revoke such a warrant if satisfied that the grounds on which the warrant were issued to the agency have ceased to exist 45 Subdivision D – Miscellaneous Proposed section 180X 221 Section 180X creates the new role of a Public Interest Advocate 222 The Public Interest Advocate role will consider and evaluate journalist information warrant applications made by the Organisation and law enforcement agencies pursuant to sections 180L and 180T respectively The Public Interest Advocate will be able to make independent submissions to the Minister in the case of the journalist information warrants made by the Organisation and to the issuing authority in the case of the law enforcement agencies on the proposed undertaking in relation to each application including conditions or restrictions 223 Subsection 180X 1 permits the Prime Minister to declare a person to be a Public Interest Advocate 224 Subsection 180X 3 enables regulations to be made relating to the role of the Public Interest Advocate to support the discharge of its independent role Subsection 180X 4 clarifies that a declaration of an Advocate is not a legislative instrument Items 48-50 – Consequential changes to use and disclosure provisions 225 These items amend the Bill to insert new paragraphs into the use and disclosure provisions contained in Part 4-1 Division 6 of the TIA Act These are consequential amendments relating to the implementation of recommendations 27 and 34 of the PJCIS Report 226 These items ensure that ASIO enforcement agencies IGIS the Commonwealth Ombudsman the Minister and the PJCIS are able to use and disclose authorisations made under Chapter 4 of the TIA Act and associated information for the purposes of the new oversight and reporting functions recommended by the PJCIS in its report 227 The introduction of specific provisions to the TIA Act permitting persons to deal in information for the purpose of the IGIS exercising powers or performing functions or duties under the IGIS Act follows the introduction of similarly specific provisions into the ASIO Act by the National Security Legislation Amendment Act No 1 2014 In that context these items seek to place beyond doubt that a person use or disclose the information described in sections 181A and 182 for the purpose of the IGIS exercising powers or performing functions or duties under the IGIS Act 46 Item 51 – Use and disclosure provisions 228 Item 51 will insert amending item 6V in Schedule 1 to the Bill This item inserts new sections 182A and 182B in the TIA Act and relates to the introduction of journalist information warrants 229 Proposed section 182A creates an offence where a person discloses or uses a journalist information warrant or information about such a warrant Commission of the offence attracts a penalty of two years imprisonment 230 Proposed section 182B outlines the circumstances in which disclosures and use are permitted An enforcement agency may use or disclose such a warrant or information about such a warrant to a third party for the specified purposes set out in the section Such purposes include enabling the making of submissions under section 180X by a Public Interest Advocate enabling a person to comply with their notification obligations under section 185D or 185DE in relation to journalist information warrants enabling ASIO to perform its functions or to enforce the criminal law the enforcement of a law imposing a pecuniary penalty or the protection of the public revenue In addition a disclosure to and by an IGIS official in connection with the exercising of the powers or performing functions or duties of the IGIS is permitted 231 The note following proposed section 182B indicates that where a person is charged in relation to a contravention of new section 182A the defendant bears an evidential burden to demonstrate that the disclosure or use was lawful Item 52 – Retention of authorisations 232 Item 52 amends the Bill to insert subsection 185 3 into the TIA Act This item ensures that section 185 of the TIA Act does not limit the operation of subsection 187N 3 which item 31 inserts into the Bill Item 53 – Oversight of data journalist information warrants and authorisations 233 Item 53 will insert amending item 6X in Schedule 1 to the Bill This item inserts proposed sections 185D and 185E in the TIA Act to implement the Government‟s responses to PJCIS Report recommendations 27 and 34 Consequential on the introduction of journalist information warrants the amendments require agencies‟ to provide a copy of journalist information warrants to the Minister IGIS and Ombudsman Notification of relevant authorisations to oversight bodies and the Minister 234 Proposed section 185D will require the Director-General of Security and the Commissioner of the Australian Federal Police to provide copies of journalist information warrants to the IGIS or the Ombudsman if applicable as soon as practicable after they are made The Commissioner of the Australian Federal Police is required to give the Minister a 47 copy of the warrant as soon as practicable and the Minister must then notify the PJCIS that such a warrant has been issued 235 Furthermore the proposed section will require the Director-General of Security and the chief officers of enforcement agencies to provide the IGIS or Ombudsman as applicable with copies of authorisations made under those warrants as soon as practicable after the expiry of the warrant 236 Subsections 185D 1 2 5 and 6 will ensure that the relevant independent oversight bodies the IGIS and Ombudsman are provided with copies of journalist information warrants and authorisations made under those warrants The IGIS and Ombudsman can then undertake relevant oversight activities in relation to the warrants and subsequent authorisations under their governing legislation – the IGIS Act and in the case of the Ombudsman the TIA Act Notification to the PJCIS of independent oversight outcomes for relevant authorisations 237 Proposed subsections 185D 3 - 4 and 185D 7 - 8 impose obligations on the Minister in relation to reports provided by the IGIS or Ombudsman concerning journalist information warrants and authorisations made as a result In the event that the IGIS or the Ombudsman exercise their oversight functions in relation to relevant warrants and authorisations and report to the responsible Minister in accordance with their governing legislation the Minister is then required to provide copies of those oversight reports to the PJCIS as soon as practicable after receiving them from the IGIS or the Ombudsman 238 The PJCIS can then request the IGIS or the Ombudsman to brief it on the relevant oversight report Reports on access to retained data 239 Proposed section 185E implements recommendation 34 of the PJCIS report It imposes corresponding obligations to those in proposed section 185D on the Minister after receiving oversight reports from the IGIS or the Ombudsman in relation to the purpose and manner of access to data by ASIO or the AFP generally 240 The Minister must provide any oversight reports to the PJCIS as soon as practicable after receiving them from the IGIS or Ombudsman and the PJCIS may request the IGIS or Ombudsman to brief it on the relevant oversight report 241 These amendments will ensure that the PJCIS has visibility of the outcomes of independent oversight of authorisations undertaken by the IGIS and Ombudsman under those bodies‟ governing legislation Importantly the amendments will also preserve the independent discretion of these oversight offices in setting their oversight priorities and performing their statutory functions The amendments will further maintain the established 48 lines of reporting as between the IGIS and the Ombudsman and the relevant responsible Minister 242 The ability of the PJCIS to request briefing on the outcomes of oversight in relation to the retained data activities of ASIO and the AFP under Part 5 3 of the Criminal Code is consistent with its existing ability to seek briefings from relevant entities including the IGIS under section 30 of the ISA Item 54 – Changes to reporting to the Minister 243 Item 54 will insert amending items 6Y and 6Z into the Bill which amend section 186 of the TIA Act which relates to the information required of agencies in reporting to the Minister That information is included in the TIA Act Annual Report which is tabled in Parliament each year 244 The report includes information about agency‟s use of powers under the TIA Act including information about interception warrants warrants for access to stored communications and authorisations for access to telecommunications data Amending items 6Y and 6Z expands the list of required information in accordance with recommendation 33 of the PJCIS Report and will include the number of journalist information warrants issued during the reporting period and the number of authorisations made under those journalist information warrants 245 Proposed subsection 186 1E provides the Minister with a declaration-making power to declare additional kinds of information that must be provided under section 186 1 Item 55 – Applications made before commencement of Part 5-1A 246 Item 55 amends the Bill by adding a reference to proposed subsection 187KA 2 to paragraph 1 b of item 9 in Part 3 of Schedule 1 Item 9 in Part 3 of Schedule 1 is an application provision governing applications made by service providers prior to the commencement of the legislation 247 The effect of this amendment will be to provide that at any time after this legislation receives the Royal Assent a service provider may apply to the ACMA for review of a decision by the CAC on an application by the service provider to exempt the service provider from some or all of its data retention obligations However the service provider will not be able to apply to ACMA unless and until the CAC has made such a decision 248 The purpose of this amendment is to implement recommendation 15 of the PJCIS report in relation to the period after Royal Assent of the legislation but prior to commencement of the legislation 49 Item 56 – Decisions made before commencement of Part 5-1A 249 Item 56 amends the Bill by adding a reference to proposed section 187KA to clause 1 of item 10 in Part 3 of Schedule 1 Item 10 in Part 3 of Schedule 1 is an application provision governing the effect of decisions made prior to the commencement of the legislation Proposed section 187KA provides for a power for ACMA to review a decision by the CAC in relation to an application by a service provider for exemption or variation of its data retention obligations 250 The effect of this amendment will be to provide that for the purposes of section 4 of the Acts Interpretation Act 1901 the AIA the power to make a decision under section 187KA is taken to be a power to make an instrument of administrative character Section 4 of the AIA allows for the exercise of powers of an administrative character conferred by an Act before commencement of that Act Item 57 – First reporting period after commencement of Part 5-1A 251 Item 57 amends the Bill by inserting a new provision into Part 3 of Schedule 1 This provision provides that in the first annual reporting period following the commencement of the Bill ASIO and enforcement agencies are only required to comply with the new annual reporting requirements introduced by the Bill on a prospective basis That is agencies will not be required to report on matters that occurred before commencement of the legislative requirements Schedule 2 Amendments Item 58 – Listing of ASIC and ACCC 252 This item amends proposed subparagraph 110A 1 e by adding the Australian Securities and Investments Commission ASIC and the Australian Competition and Consumer Commission ACCC to the list of agencies which are defined as a criminal lawenforcement agency 253 The amendment implements recommendation 20 of the PJCIS Report by adding ASIC and ACCC as criminal law-enforcement agencies under proposed section 110A of the Bill The effect of this amendment is to permit ASIC and ACCC to access stored communications subject to a warrant prospective data and through status as an „enforcement agency‟ as part of the definition of a „criminal law-enforcement agency‟ access to telecommunications data Item 59 – Declaration of criminal law-enforcement agencies 254 This item amends proposed paragraph 110A 3 a by replacing the reference to „the‟ authority the Minister may declare to be a „criminal law-enforcement agency‟ with a reference to „an‟ authority the Minister may declare This item corrects an error in drafting 50 Item 60 – Declaration of criminal law-enforcement agencies 255 This item amends the Bill to insert a proposed subsection 110A 3A Proposed subsection 110A 3A clarifies that the Minister may declare an authority or body to be a criminal law-enforcement agency under subsection 110A 3 even if the head of that authority or body has not made a request in accordance with subsection 110A 2 256 This item also amends the Bill to insert a proposed subsection 110A 3B Proposed subsection 110A 3B provides that the Minister may not declare an authority or body to be a criminal law-enforcement agency unless the Minister is satisfied on reasonable grounds that the authority or body has functions that include investigating serious contraventions The term „serious contravention‟ is defined in section 5E of the TIA Act 257 Proposed subsection 110A 3B implements recommendation 17 of the PJCIS Report Proposed subsection 110A 3B is intended to ensure that only agencies that investigate serious contraventions can be declared criminal law-enforcement agencies and thereby be able to use the more intrusive powers of obtaining stored communications warrants or making an authorisation for the disclosure of prospective telecommunications data Item 61 – Omission of paragraph 110A 4 a 258 Item 61 omits proposed paragraph 110A 4 a of the Bill which required the Minister to „have regard to‟ whether the functions of the authority or body included investigating serious contraventions when considering whether to declare an authority or body to be a criminal law-enforcement agency 259 This item implements the relevant part of recommendation 17 of the PJCIS Report Under proposed subsection 110A 3B the Minister is required to be „satisfied on reasonable grounds‟ that the functions of the authority or body include investigating serious contraventions This new requirement supersedes the reference in proposed paragraph 110A 4 a of the Bill to the Minister being required to „have regard to‟ this factor Item 62 – Omission of reference to ‘those’ serious contraventions 260 Item 62 amends the Bill by removing the reference to „those‟ serious contraventions in paragraph 110A 4 b This item is consequential on the deletion of paragraph 110A 4 a effected by item 61 There is no further requirement to refer to „those‟ serious contraventions Items 63 64 and 65 – Privacy considerations with respect to ‘criminal law-enforcement agency’ declarations 261 Items 63 64 and 65 will amend subparagraph 110A 4 c ii of the Bill to provide that the characteristics of a binding scheme in relation to the protection of personal information include a mechanism for monitoring the authority or body‟s compliance with the scheme and 51 to enable individuals to seek recourse if their personal information is mishandled 262 The effect of these items will require the Minister to be satisfied in considering whether to make a declaration of an „criminal law-enforcement agency‟ that the authority or body is required to comply with a binding scheme with the listed privacy-protection mechanisms These items implement recommendation 18 of the PJCIS Report Item 66 – Declaration of criminal law-enforcement agency to expire after 40 sitting days 263 Item 66 amends the Bill to insert proposed subsections 110A 10 and 110A 11 The purpose of item 66 is to implement the relevant part of recommendation 17 of the PJCIS report which was that declarations of criminal law-enforcement agencies should expire after 40 days and that any Bill to amend the TIA Act should be referred to the PJCIS for review 264 Paragraph 110A 10 a provides that a declaration will come into force either when it is made or on a later day specified in the declaration Paragraph 110A 10 b provides that the declaration ceases to be in force after 40 sitting days of either House of Parliament after the declaration comes into force The time to expiry of the declaration will only commence once the declaration comes into force which may be later than when it is made 265 Subsection 110A 11 that when a Bill is introduced into either House of Parliament to amend the list of criminal law-enforcement agencies in the TIA Act the Minister must refer the amending Bill to the PJCIS and give the PJCIS at least 15 sitting days of a House of Parliament to conduct its review and issue its report Item 67 – Declaration of enforcement agencies 266 This item amends proposed paragraph 176A 3 a inserted as an amendment to item 4 in Part 1 of Schedule 2 of the Bill by replacing the reference to „the‟ authority the Minister may declare to be an „enforcement agency‟ with a reference to „an‟ authority the Minister may declare This item corrects an error in drafting Item 68 – Declaration of enforcement agencies 267 This item amends the Bill to insert a proposed subsection 176A 3A Proposed subsection 176A 3A clarifies that the Minister may declare an authority or body to be an enforcement agency under subsection 176A 3 even if the head of that authority or body has not made a request in accordance with subsection 176A 2 268 This item also amends the Bill to insert a proposed subsection 176A 3B Proposed subsection 176A 3B provides that the Minister may not declare an authority or body to be an enforcement agency unless the Minister is satisfied on reasonable grounds that the authority or body has functions that include or more of enforcement of the criminal law administering a law imposing a pecuniary penalty administering a law relating to the protection of the public revenue 52 269 Proposed subsection 176A 3B implements the relevant part of recommendation 21 of the PJCIS Report Proposed subsection 176A 3B is intended to ensure that only agencies that have the functions referred to above can be declared enforcement agencies and thereby be able to access historic telecommunications data Item 69 – Omission of paragraph 176A 4 a 270 Item 69 omits proposed paragraph 176A 4 a of the Bill which required the Minister when considering whether to declare an authority or body to be an enforcement agency to „have regard to‟ whether the authority or body has one or more of the following functions enforcement of the criminal law administering a law imposing a pecuniary penalty administering a law relating to the protection of the public revenue 271 This item implements the relevant part of recommendation 21 of the PJCIS Report and is consequential on proposed subsection 176A 3B Under proposed subsection 176A 3B the Minister is required to be „satisfied on reasonable grounds‟ that the functions of the authority or body include the functions referred to above This new requirement supersedes the reference in proposed paragraph 176A 4 a of the Bill to the Minister being required to „have regard to‟ this factor Item 70 – Omission of reference to ‘those functions’ 272 Item 70 amends the Bill by removing the reference to „those functions‟ in paragraph 176A 4 b The reference to „those functions‟ includes the enforcement of a criminal law pecuniary penalty or protection of public revenue in proposed paragraph 176A 4 a of the Bill 273 This item is consequential on the deletion of paragraph 176A 4 a effected by item 69 and the insertion of subsections 176A 3A and 3B There is no further reference to „those functions‟ as this has been substituted by „the functions referred to in subsection 3B ‟ which includes the enforcement of a criminal law pecuniary penalty or protection of public revenue Items 71 72 and 73 – Privacy considerations with respect to ‘enforcement agency’ declarations 274 Items 71 72 and 73 will amend subparagraph 176A 4 c ii of the Bill to provide that the characteristics of a binding scheme in relation to the protection of personal information include a mechanism for monitoring the authority or body‟s compliance with the scheme and to enable individuals to seek recourse if their personal information is mishandled 53 275 The effect of these items will require the Minister to be satisfied in considering whether to make a declaration of an „enforcement agency‟ that the authority or body is required to comply with a binding scheme with the privacy-protection mechanisms These items implement recommendation 22 of the PJCIS Report Item 74 – Declaration of enforcement agency to expire after 40 sitting days 276 Item 74 amends the Bill to insert proposed subsections 176A 10 and 11 The purpose of item 74 is to implement the relevant part of recommendation 21 of the PJCIS report which was that declarations of law enforcement agencies should expire after 40 days and that any Bill to amend the TIA Act be referred to the PJCIS for review 277 Paragraph 176A 10 a provides that the declaration will come into force either when it is made or on a later day specified in the declaration Paragraph 176A 10 b provides that the declaration ceases to be in force after 40 sitting days of either House of Parliament after the declaration comes into force The time to expiry of the declaration will only commence once the declaration comes into force which may be later than when it is made 278 Subsection 176A 11 a provides that when a Bill is introduced into either House of Parliament to amend the list of enforcement agencies in the TIA Act the Minister must refer the amending Bill to the PJCIS and give the PJCIS at least 15 sitting days of a House of Parliament to conduct its review and issue its report 54